ISO 27001 Consultancy
ISO/IEC 27001 is the international Standard for information security management systems (ISMS). It was first published in October 2005 and revised and updated in 2013. Together with ISO 27002 (the Code of Practice, which provides implementation guidance for the controls), ISO 27001 gives organisations a best practice framework for managing their information security. Achieving certification, which entails an external assessment of the ISMS by an accredited certification body, is the most effective means of demonstrating your information security commitment and capabilities to clients and to internal and external stakeholders.
Challenges of Implementing ISO 27001
One of the key features of ISO 27001 is that it is risk based. The implementation of controls (technical measures, policies, processes etc.) is not prescriptive; it is determined by an information risk assessment that takes into account your risk appetite and the information you are seeking to protect. The goal is to achieve an optimum balance, in which the mandatory management system requirements of the Standard are met whilst your ISMS is tailored as fully as possible to your organisation's size, culture and business objectives.
Achieving the Optimum ISMS
Achieving this optimum balance is where URM excels. We are able to ensure that you gain maximum benefit from implementing ISO 27001 by virtue of our experience (over 200 certifications), our consultancy expertise (all of our consultants are ex-information security managers with real-world experience and an understanding of the challenges you face) and our purpose-designed risk management tool (Abriska). Our consultancy services come not only with a 100% certification guarantee, but with the assurance that any implemented ISMS will be tailored, appropriate and sustainable. URM's ISO 27001 consultancy services are also fully flexible: our consultants can provide guidance and knowledge transfer across the full lifecycle, or in specific areas such as risk assessments, policies and procedures, awareness and education, and compliance with legislative and regulatory requirements, including the Data Protection Act and the GDPR. Support is tailored to your specific requirements and often depends on factors such as the availability of internal expertise, timescales and budgets. URM also has a team of highly skilled and experienced auditors.
“Without doubt, URM helped us to achieve our planned objectives a lot sooner than expected. The engagement was a huge success and couldn’t have gone any better”
Tony Smollett, Group IT Director, UK Mail
“Without URM, Havas People would not have achieved its certification goals”
Jonathan Malone, Director, Havas People
Want to Learn More?
If you are looking to comply with or certify to ISO 27001, we can provide you with two free sources of practical advice. URM has partnered with BSI (the UK's No. 1 Certification Body) to deliver half-day ISO 27001 implementation seminars which provide real-world insights into the pitfalls to avoid, along with hints and top tips for ensuring a successful outcome. The content of these seminars is based on the cumulative experience of URM and BSI in implementing and assessing hundreds of ISMSs over the last 10 years, and the focus is on ‘how to’ certify.
In addition to attending the free ISO 27001 seminars, which are held approximately every 6 weeks across the UK, you can also take advantage of URM's free ISO 27001 health checks. The half-day health checks are aimed at organisations looking to certify to ISO 27001 which want to benchmark what they currently have in place against the requirements of the Standard. Following the health check, which is delivered by our senior consultants, you will receive a high-level report and a graph indicating the maturity of the key components of your ISMS. The health check gives you a clear understanding of your current compliance status, where your development priorities lie, and the likely timescales and resources you will need in order to achieve certification.
Another valuable source of free information from URM is our ‘Viewpoint’ series of articles, each of which focuses on a specific issue or requirement of ISO 27001 and provides our practical perspective on how that requirement can be most effectively satisfied.